7.13 Migrating NIS Maps

If you already have a UNIX NIS Server (text-based) and you want the new NetWare NIS Server to serve the same data served by the old NIS server, copy all those text files into the specified location, then run the migration utility to create eDirectory entries for a specified domain.

The migration utility creates the Domain object in the default context as well as two other containers in the same context with the names domainname_U and domainname_G.

During migration, the utility searches for existing eDirectory users and groups under the containers specified by search_root, the configuration parameter (specified in nfs.cfg) and then, based on the migration option specified, modifies the UNIX information of those objects. If the objects are not found, the users are migrated to domainname_U and the groups are migrated to domainname_G. The rest of the data is migrated under the Map objects created under the Domain object.

IMPORTANT:The User and Group objects aren't created under the passwd and group Map object. They spread across the eDirectory tree and DomainName_U, DomainName_G depending upon the SEARCH_ROOT configuration parameter.

You can migrate maps using any one of the following three options:

For more information on UNIX user management, see UNIX User Management with eDirectory.

7.13.1 File-Based Migration

By default, migration uses the makefile sys:etc/nis/nismake, which contains the location of the text file for every map.

The syntax of the migration utility is:

makenis [-r resultfilename -[r]d domainname [-n context] [-f nismakefilename] {[mapname -[l|b]p line or byte object in mapname]...}

NOTE:Use all options only in the specified order.

  • To create a domain and migrate data or to use the existing domain object, use the following format:

    makenis -d domainname

    The domainname parameter is mandatory.

  • To capture the results of the migration, use the following format:

    makenis -r resultfilename -d domainname

  • To remove the existing domain data and then migrate, use the following format:

    makenis -rd domainname

  • To specify the context where you want to create your Domain object and data, specify it as the contextname: 

    makenis -d domainname -x contextname

    Edit the context parameter by prefixing each of the dots (.) in the Relative Distinguished Names with a backslash (\) to distinguish them from eDirectory names.

  • To specify an NIS makefile other than the default sys:etc/nis/nismake, use the following format: 

    makenis -d domainname -f makefilepath

    To specify the text files that you want to migrate, modify the NIS makefile. The NIS makefile is in the following format: 

    map name    full path    parameters (if any)

    The comment character is the pound sign (#).

    If you do not specify anything, all the files in the makefile are migrated.

    For each map, specify the SECURE parameter so that only requests coming from secure ports are able to access the data. You can specify the migration options: UPDATE, REPLACE, or MERGE.

    For the Password map, you can specify two additional parameters: -u uid (which stops users with a UID less than a particular value from migrating to eDirectory) and AUTOGEN (which generates a UID from the program itself).

    You must specify the text file in the full path in DOS name format.

  • To migrate specific maps, use the following format:

    makenis -d domainname mapname1, mapname2

  • To migrate a map from a particular offset in a specified map text file, use the following format:

    makenis -d domainname mapname -lp lineoffset

    or

    makenis -d domainname mapname, -bp byteoffset

    Line offset is used to start migration from a particular line from the map text file. If the migration fails while migrating large maps, instead of migrating it again from the beginning, you can specify the byteoffset to start from the offset specified in the migration log file. For more details on this offset, refer to the description of the FILEMARK_LOG_FREQ configuration parameter in nis.cfg.

    Makenis adds users to the Members attribute, gives the user the rights equivalent to that of the group, and updates its Group Membership attribute.

7.13.2 ConsoleOne Migration

  1. In the left pane of ConsoleOne, click The Network.

  2. Select the server's tree where you want to manage the domains and maps.

  3. Click the toolbar M icon.

    The following dialog box appears:

    Figure 7-5 Migration Dialog Box

  4. Specify the NetWare Host Name/IP Address, Domain Name, and Domain Context to migrate a domain.

  5. Select the Set the Specified Host As Master Server option to set the NIS Server as master for this specified domain.

  6. In the Master Server Info section, select Clear Existing Maps, if you want to clear the existing maps.

  7. Select the type of the migration you want to perform: Replace, Update, or Merge.

  8. Specify the Master Server Name/IP Address in the Slave Server Info section to set the NIS Server as Slave Server.

  9. Click Migrate to migrate the domain for default maps.

    The available default maps are ethers, hosts, networks, protocols, RPC, services, passwd, group, netgroup, and bootparams. By default, these files should be present in sys:\etc\nis.

  10. Click Advanced to go to the Map Information dialog box to migrate the domain for specific maps.

    Figure 7-6 Map Information Dialog Box

    1. Click either Default Maps or Other Maps.

    2. Select the desired maps from the list, deselect the maps you do not want to migrate, and click OK.

  11. To modify an existing map or add a new map, click Add to go to the Add Map dialog box.

    Figure 7-7 Add Map Dialog Box

    1. Specify the Map Name and the Text File name.

    2. (Conditional) Select Secure if you want to enable secure access to the map.

    3. In the Comment Character box, specify the comment character present in the specified text file, then click OK.

      The default comment character is the pound sign (#).

  12. Click Migrate.

NOTE:When performing special map migration through ConsoleOne, you are required to give the complete path of the file. For example, sys:etc\nis\phlist.

7.13.3 Managing Users and Groups

You can add and modify the information of a User or Group object that already exists in eDirectory.

Modifying User Information

  1. In the left pane of the ConsoleOne main menu, click the eDirectory tree where the object resides.

    If you do not find the tree, click Novell Directory Services, select the tree and log in to it.

  2. Double-click the container named domainname_U, where the User objects reside.

    The User objects under this particular container are displayed.

  3. Right-click the User object whose properties you want to change, then click Properties.

    The following property page appears, displaying the various tabs that should be specified to add and modify the user information in eDirectory.

    All the tabs except the UNIX Profile tabs are standard forms.

    Figure 7-8 UNIX Profile Tab of User Properties Property Page

  4. Click UNIX Profile to modify the UNIX user profile, and specify the information in the following fields:

    User ID: The users' UNIX UID.

    Primary Group: The group ID (GID) of the group this user belongs to. To specify the GID of the user, click Browse and select the appropriate group.

    Login Shell: The preferred login shell of the user.

    Home Directory: The home directory the user wants to be placed in while logging in to the system.

    Comments: Any other comments that the user might want to specify.

    Reset UNIX Password: Use to reset the user's UNIX password.

  5. Click Apply, then click OK.

Modifying Group Information

  1. In the left pane of the ConsoleOne main menu, click the eDirectory tree where the object resides.

    If you do not find the tree, click Novell Directory Services, then select the tree and log in to it.

  2. Double-click the domainname_G container where the Group objects reside.

    The groups under this particular container are displayed.

  3. Right-click the Group object whose properties you want to change, then click Properties.

    The following property page appears, displaying the various forms which should be specified to add and modify the group information in eDirectory.

    All the forms except the UNIX Profile form are standard forms.

    Figure 7-9 UNIX Profile Tab of Group Properties Property Page

  4. Click the UNIX Profile tab and specify the following information to modify the UNIX group profile:

    Group ID: The group's UNIX GID.

  5. Click Apply, then click OK.

Adding a New User or Group

To add a new user:

  1. In the left pane of the ConsoleOne main menu, click the context where you want to add the new user.

  2. Select File > New, then click User.

  3. Provide the user information.

To add a new group:

  1. In the left pane of the ConsoleOne main menu, click the context where you want to add the new group.

  2. Select File > New, then click Group.

  3. Specify the group information.

To make this newly added user or group an NIS User and NIS Group record, add the nisUserGroupDomain attribute to the object. This attribute holds a list of the domains to which that record belongs.

IMPORTANT:When you update a UNIX profile from ConsoleOne, execute NFSSTOP and NFSSTART, for NFS Server to get the modified UNIX information.

Managing Migration Utility Log Files

When you execute the makenis migration utility, the makenis.log log file is created by default in sys:\etc\nis. This file records messages that provide following information:

  • The containers added, such as domainname container, domainname_U (for users), and domainname_G (for groups).

  • The maps added and attached to the container.

  • Parsing statistics for each map. For example, the number of records read, migrated, conflicts, and invalid records.

  • Conflicting record details.